In its latest threat assessment, downloadable online, the National Crime Agency (NCA) and National Cyber Security Centre reported that ransomware has grown significantly over the past year. Internet-connected gadgets raise the risk of attacks for consumers.
Keiron Dalton, from Aspect Software, suggests that the so-called Internet of Things has had a major impact on trust and security, and will continue to do so as more and more consumers adopt technologies such as fitness trackers, smart watchers and smart TVs. He said: “The more devices that are connected, the more challenging authentication and trust becomes as our digital lives are ever more distributed. Think of it this way – each device uses some of your personal data, and whether that’s an email address or full credit card details, pieces of our ‘identity’ are fragmented and essentially blasted off into the ether.”
Dalton believes that while organisations such as device manufacturers and the associated software providers must to do better in offering protection from ransomware and other takeover-style attacks. However, he said: “Our individual digital identities are growing at a rate of knots; either we run in circles patching vulnerabilities as the issue gets worse, or organisations with a duty to protect consumers from online threats (such as banks and mobile network operators) need to take advantage of the data assets that they have in the shape of all of these devices.
“It’s not just smartphones that are vulnerability hotspots – each connected device has an element of vulnerability that can be exploited. To be fair to the consumer, nobody considers the personal security risk when they run around with their fitness tracker on, especially as the data is being used for good reason. However, there is a massive opportunity for organisations. Since cyber-crime – and in particular fraudulent activity – always follows the channels of adoption, all of the data generated by each device could be used to glean new insight to protect us and remove friction from our digital lives.
“A good example would be using the fitness tracker to authenticate a mobile banking transaction; the location of your run could help determine the proximity to a payment or confirm your residence. Essentially your collection of devices can form a repertoire of hard tokens to authenticate your identity.
“I agree that device companies need to invest in better protection and training for customer engagement centre staff to be able to advise consumers on how best to prevent device infiltration. Until we can close some of the major security holes, we have a way to go on building robust, bullet-proof mobile identities. But the end goal has to be removing that friction from our digital lives.”
